I recently got my CISSP. The company that I work for paid for me to
go to a class, and take the test assuming I passed. If I failed then
the $500 would be on my nickle. Thankfully I did not fail. The main
reason they wanted me to get my CISSP is now they can charge more for
the work they contract me out to, this and you need it or some other
equivalent to do level 3 and 4 DITSCAP testing. As for an RI after I
passed a got a 15% raise which was nice, but I was also up for a
raise, so I can not tell you how much that was due to the CISSP, and
how much was due to my overall performance at the company. Personally
I feel that the exam and certification process is a waste of time, and
so does everyone else at the company, but they are needed, or so they
say. However we have a guy who works here who is a CISSP and a
CEH(certified ethical hacker), and to be truthful, he is quite
possible the most worthless tester I have ever had to work with, and
everyone else in the office knows this. So having the cert doesn't
make you good, and doesn't prove to anyone that you have experience or
skill. It just proves that you can pick the correct answer out of a
four possible answer on a 250 question multiple choice exam. As for
giving an out of 10 scale for everything you mentioned I guess they
would all be 5s because it all really depends on a lot of other
things. As for what job its good for, I would have to say more
managerial then anything else. The topics covered are really only
puddle deep, not enough to know whats going on, just enough to know
that it is going on though.
Nathaniel Hirsch, CISSP
Xacta Corporation
656 Shrewsbury Ave.
Shrewsbury, NJ 07702
5/8/06, Mohamed Abdel Kader <makster12 (AT) hotmail (DOT) comwrote:
Hi all,
I was wondering if anyone out there did the CISSP-ISSMP concentration.
I want to know the value added in the areas listed below, in an out of 10
scale for example:
Total RI
Career Advancement
Industry Demand
Raise Potential
Suitable for what job/position (not an out of 10 answer of course :))
I also want to know the material to study from.
Thanks a million.
MAK
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you:
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request (AT) cenzic (DOT) com for details.
--
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you:
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request (AT) cenzic (DOT) com for details.

Sometimes you need a cert because someone that you are working for
request that as a minimum requirement. Before spending your own money
on a cert (/like I have to do/) you should determine its value to you.
You need to understand your job objectives short-term and long-term
before spending your money on a cert that has little value based on your
objectives.

I am also looking at the CISSP concentrations certs, but I am also
looking at obtaining more technical ones like SANS Gold level. To
balance these certs I am planning to take some graduate classes in
Information Assurance at one of the National Centers of Academic
Excellence in Information Assurance Education (CAEIAE).

Intel96

Nathaniel Hirsch wrote:
I recently got my CISSP. The company that I work for paid for me to
go to a class, and take the test assuming I passed. If I failed then
the $500 would be on my nickle. Thankfully I did not fail. The main
reason they wanted me to get my CISSP is now they can charge more for
the work they contract me out to, this and you need it or some other
equivalent to do level 3 and 4 DITSCAP testing. As for an RI after I
passed a got a 15% raise which was nice, but I was also up for a
raise, so I can not tell you how much that was due to the CISSP, and
how much was due to my overall performance at the company. Personally
I feel that the exam and certification process is a waste of time, and
so does everyone else at the company, but they are needed, or so they
say. However we have a guy who works here who is a CISSP and a
CEH(certified ethical hacker), and to be truthful, he is quite
possible the most worthless tester I have ever had to work with, and
everyone else in the office knows this. So having the cert doesn't
make you good, and doesn't prove to anyone that you have experience or
skill. It just proves that you can pick the correct answer out of a
four possible answer on a 250 question multiple choice exam. As for
giving an out of 10 scale for everything you mentioned I guess they
would all be 5s because it all really depends on a lot of other
things. As for what job its good for, I would have to say more
managerial then anything else. The topics covered are really only
puddle deep, not enough to know whats going on, just enough to know
that it is going on though.
--
Nathaniel Hirsch, CISSP
Xacta Corporation
656 Shrewsbury Ave.
Shrewsbury, NJ 07702

5/8/06, Mohamed Abdel Kader <makster12 (AT) hotmail (DOT) comwrote:
>Hi all,
>I was wondering if anyone out there did the CISSP-ISSMP concentration.
>I want to know the value added in the areas listed below, in an out
>of 10
>scale for example:
>>
>Total RI
>Career Advancement
>Industry Demand
>Raise Potential
>>
>Suitable for what job/position (not an out of 10 answer of course
>:))
>>
>I also want to know the material to study from.
>>
>Thanks a million.
>MAK
>>
>
>>
>This List Sponsored by: Cenzic
>>
>Concerned about Web Application Security?
>Why not go with the #1 solution - Cenzic, the only one to win the
>Analyst's
>Choice Award from eWeek. As attacks through web applications continue
>to rise,
>you need to proactively protect your applications from hackers.
>Cenzic has the
>most comprehensive solutions to meet your application security
>penetration
>testing and vulnerability management needs. You have an option to go
>with a
>managed service (Cenzic ClickToSecure) or an enterprise software
>(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
>can
>help you:
>And, now for a limited time we can do a FREE audit for you to confirm
>your
>results from other product. Contact us at request (AT) cenzic (DOT) com for
>details.
>
>>
>>
>>
>

This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1
solution - Cenzic, the only one to win the Analyst's Choice Award from
eWeek. As attacks through web applications continue to rise, you need
to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security
penetration testing and vulnerability management needs. You have an
option to go with a managed service (Cenzic ClickToSecure) or an
enterprise software (Cenzic Hailstorm). Download FREE whitepaper on
how a managed service can help you:
And, now for a limited
time we can do a FREE audit for you to confirm your results from other
product. Contact us at request (AT) cenzic (DOT) com for details.

>
>
>

This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you:
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request (AT) cenzic (DOT) com for details.

In terms of simple knowledge gained I learned a lot from taking the
exam. It is a mile wide. Like I now know which is the best fire
suppression system to use in any given location, and can tell you how
high a fence needs to be to deter average people from climbing over
it, the different type of lighting a building can have, there benefits
of hot and cold sites, lots of crazy laws and how they are applicable,
and a bunch of other stuff that I personally don't use in my day to
day job. Like I could care less about the encryption scheme used in
GSM phones. But these are the things that are covered in the CISSP.
So I gained a lot of knowledge, but as for how much of it was directly
applicable to work, very little. Pretty much everything that was
applicable to my line of work I already knew.

Nathaniel Hirsch, CISSP
Xacta Corporation
656 Shrewsbury Ave.
Shrewsbury, NJ 07702

5/9/06, Deogratias Nondi <dgratius (AT) hotmail (DOT) comwrote:
>
>
>
How can you compare it with CISA, in terms of work knowledge gained?
>
>
>

>
>
>
>
From: "Nathaniel Hirsch" <nh2 (AT) njit (DOT) edu>
To: "Mohamed Abdel Kader" <makster12 (AT) hotmail (DOT) com>
CC: pen-test (AT) securityfocus (DOT) com
Subject: Re: CISSP-ISSMP
Date: Mon, 8 May 2006 16:19:18 -0400
I recently got my CISSP. The company that I work for paid for me to
go to a class, and take the test assuming I passed. If I failed then
the $500 would be on my nickle. Thankfully I did not fail. The main
reason they wanted me to get my CISSP is now they can charge more for
the work they contract me out to, this and you need it or some other
equivalent to do level 3 and 4 DITSCAP testing. As for an RI after I
passed a got a 15% raise which was nice, but I was also up for a
raise, so I can not tell you how much that was due to the CISSP, and
how much was due to my overall performance at the company. Personally
I feel that the exam and certification process is a waste of time, and
so does everyone else at the company, but they are needed, or so they
say. However we have a guy who works here who is a CISSP and a
CEH(certified ethical hacker), and to be truthful, he is quite
possible the most worthless tester I have ever had to work with, and
everyone else in the office knows this. So having the cert doesn't
make you good, and doesn't prove to anyone that you have experience or
skill. It just proves that you can pick the correct answer out of a
four possible answer on a 250 question multiple choice exam. As for
giving an out of 10 scale for everything you mentioned I guess they
would all be 5s because it all really depends on a lot of other
things. As for what job its good for, I would have to say more
managerial then anything else. The topics covered are really only
puddle deep, not enough to know whats going on, just enough to know
that it is going on though.
--
Nathaniel Hirsch, CISSP
Xacta Corporation
656 Shrewsbury Ave.
Shrewsbury, NJ 07702

5/8/06, Mohamed Abdel Kader <makster12 (AT) hotmail (DOT) comwrote:
>Hi all,
>I was wondering if anyone out there did the CISSP-ISSMP
>concentration.
>I want to know the value added in the areas listed below, in an out
>of 10
>scale for example:
>
Total RI
Career Advancement
Industry Demand
Raise Potential

Suitable for what job/position (not an out of 10 answer of
>course :))
>
>I also want to know the material to study from.
>
>Thanks a million.
>MAK
>
>
>This List Sponsored by: Cenzic
>
>Concerned about Web Application Security?
>Why not go with the #1 solution - Cenzic, the only one to win the
>Analyst's
>Choice Award from eWeek. As attacks through web applications
>continue to rise,
>you need to proactively protect your applications from hackers.
>Cenzic has the
>most comprehensive solutions to meet your application security
>penetration
>testing and vulnerability management needs. You have an option to go
>with a
>managed service (Cenzic ClickToSecure) or an enterprise software
>(Cenzic Hailstorm). Download FREE whitepaper on how a managed
>service can
>help you:
>And, now for a limited time we can do a FREE audit for you to
>confirm your
>results from other product. Contact us at request (AT) cenzic (DOT) com for
>details.
>
>
>
>

This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise,
you need to proactively protect your applications from hackers. Cenzic has
the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you:
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request (AT) cenzic (DOT) com for details.

--

This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you:
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request (AT) cenzic (DOT) com for details.

Hi,

So having the cert doesn't
make you good, and doesn't prove to anyone that you have experience or

I think the problem is the cause and effect. Having a cert does not
make you good. But being good should be able to get you a cert provided
that what the cert tests is valid for application in the industry.

And you can't generalize on certifications as being all the same. Just
to throw this out there but have you looked at the ISECM
certifications? With this certification, ISECM has shown itself to be
a lot different- with tests based on applied ability and resourcefulness
rather than just knowledge alone. For example, both the Professional
Security Tester (PST) and Professional Security Analyst (PSA)
certification exams are open book exams because knowledge alone will not
help you pass and in the real world, the ability to use reference
materials properly, including the internet, are an important part of
security work. Now these certs are not for everyone but they do prove a
level of competence in having proper analysis skills or understanding
the security of interactions at a low level (see www.opsa.org and
www.opst.org for more info). I know a lot of companies who use the
certification for vetting existing employees and new hires as to being
able to hit the ground running upon hiring, especially if the work
experience is small or questionable.

Sincerely,
-pete.

This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you:
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request (AT) cenzic (DOT) com for details.